BeyondTrust Research Discovers that 81 Percent of Critical Microsoft Vulnerabilities Mitigated by Removing Admin Rights

• Research reveals the number of reported Microsoft vulnerabilities more than doubled since 2013
• Company’s sixth annual Microsoft Vulnerabilities Report analyses security bulletins released during 2018

Atlanta, GA – April 25, 2019 – BeyondTrust, the worldwide leader in Privileged Access Management, today announced the release of its Microsoft Vulnerabilities Report. The research provides the latest insight into security vulnerabilities facing organizations today, as well as a five-year trends analysis to better equip organizations to increase their IT security posture and keep networks and systems safe.

This year’s report identified the following highlights:

• 700 Microsoft vulnerabilities were reported in 2018, representing a 110 percent increase in the overall number of reported vulnerabilities over 6 years (2013-2018).
• The number of vulnerabilities ranked as “Critical” by Microsoft are up 29 percent over 6 years (2013-2018).
• Remote Code Execution (RCE) vulnerabilities account for the largest proportion of total Microsoft vulnerabilities through 2018, with 292 RCE vulnerabilities reported, and 178 considered Critical (61 percent).
• In 2018, 499 vulnerabilities were reported across Windows Vista, Windows 7, Windows RT, Windows 8/8.1, and Windows 10 operating systems, 169 considered Critical (34 percent).
• Despite being the newest browser, Microsoft’s Edge browser has nearly triple the number of Critical vulnerabilities reported (112), compared to Internet Explorer (39). Critical vulnerabilities in Microsoft Edge have increased six-fold since its inception two years ago.
• Vulnerabilities in Microsoft Office continue to rise year-over-year, with a 121 percent increase over 6 years (2013-2018).
• Windows Server Vulnerabilities represent a significant percentage of the total number of vulnerabilities reported, reporting 449 in 2018, 136 of those Critical (30 percent).

Further analysis indicates that, over the last five years, nearly 88 percent of all Critical vulnerabilities published by Microsoft could have been mitigated by security teams removing admin rights from users.

“The Microsoft Vulnerabilities Report 2019 supports the importance of least privilege models, proving that reducing the number of admin users is a necessary step in the foundation of your security strategy," said Dr Jessica Barker, Co-CEO of Cygenta and Chair of ClubCISO.

“The rate at which vulnerabilities are increasing is a significant concern for organizations committed to protecting their networks from data breaches,” said Morey Haber, Chief Technology Officer & Chief Information Security Officer at BeyondTrust. “While organizations need to continue to focus on the security basics, the ability to remove admin rights and control applications is no longer difficult to achieve, and least privilege should be considered as part of a proactive security strategy.”

The full Microsoft Vulnerabilities Report for 2018 can be downloaded here: https://www.beyondtrust.com/....

About BeyondTrust:

BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. Our extensible platform empowers organizations to easily scale privilege security as threats evolve across endpoint, server, cloud, DevOps, and network device environments. BeyondTrust unifies the industry’s broadest set of privileged access capabilities with centralized management, reporting, and analytics, enabling leaders to take decisive and informed actions to defeat attackers. Our holistic platform stands out for its flexible design that simplifies integrations, enhances user productivity, and maximizes IT and security investments. BeyondTrust gives organizations the visibility and control they need to reduce risk, achieve compliance objectives, and boost operational performance. We are trusted by 20,000 customers, including half of the Fortune 100, and a global partner network. Learn more at www.beyondtrust.com.

Follow BeyondTrust:

Twitter: https://twitter.com/beyondtrust

Blog: www.beyondtrust.com/blog

LinkedIn: https://www.linkedin.com/company/beyondtrust

Facebook: http://www.facebook.com/beyondtrust

Website: https://www.beyondtrust.com/sailpoint

###

Mike Bradshaw
Connect Marketing for BeyondTrust
P: (801) 373-7888
E: mikeb@connectmarketing.com